Rack CORS Middleware Has 0666 Permissions for .rb Files
CVE-2024-27456
Currently unrated
What is CVE-2024-27456?
In Rack CORS Middleware version 2.0.1, the .rb files have improper file permissions set to 0666. Mode 0666 grants read and write access to the owner, the group and every other user, so access to these files is unrestricted. Unauthorized users may exploit this to manipulate the application or obtain sensitive information. Stricter permissions should be enforced to protect the integrity of the middleware and the applications that use it.
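An audit for the condition described above, as an added example that is not code from this page or from the rack-cors project: it finds .rb files that carry the world-writable bit and clears the group and other write bits (0666 becomes 0644). The directory layout and the file names cors.rb and version.rb are constructed for the demonstration, and the helper names are hypothetical.

```ruby
require "find"
require "tmpdir"
require "fileutils"

WORLD_WRITABLE = 0o002 # "other" write bit; it is set in mode 0666

# Return sorted [path, mode] pairs for every regular .rb file under root
# that any user on the system can write to.
def world_writable_rb(root)
  hits = []
  Find.find(root) do |path|
    next unless path.end_with?(".rb")
    st = File.lstat(path)
    next unless st.file? # skip directories and symlinks
    mode = st.mode & 0o777
    hits << [path, mode] if (mode & WORLD_WRITABLE) != 0
  end
  hits.sort
end

# Clear the group and other write bits, leave the rest, return the new mode.
def tighten(path)
  mode = File.stat(path).mode & 0o7777
  File.chmod(mode & ~0o022, path)
  File.stat(path).mode & 0o777
end

# Constructed sample tree standing in for an installed gem directory
# (file names are assumptions, not taken from the advisory).
def build_sample(dir)
  lib = File.join(dir, "rack-cors-2.0.1", "lib", "rack")
  FileUtils.mkdir_p(lib)
  { "cors.rb" => 0o666, "version.rb" => 0o644, "README.md" => 0o666 }.each do |name, mode|
    file = File.join(lib, name)
    File.write(file, "# constructed sample\n")
    File.chmod(mode, file) # chmod is not affected by the umask
  end
  lib
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    build_sample(dir)
    world_writable_rb(dir).each do |path, mode|
      puts format("%04o %s -> %04o", mode, path, tighten(path))
    end
  end
end
```

To audit a real installation, call world_writable_rb on each directory returned by Gem.path instead of the constructed tree.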